1025
static unsigned char tls_check_client_cert(SSL *ssl, conn_t *conn) {
1045
static int tls_cert_match_dns_san(pool *p, X509 *cert, const char *dns_name) {
1047
#if OPENSSL_VERSION_NUMBER > 0x000907000L
1048
STACK_OF(GENERAL_NAME) *sans;
1050
sans = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1052
register unsigned int i;
1053
int nsans = sk_GENERAL_NAME_num(sans);
1055
for (i = 0; i < nsans; i++) {
1056
GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(sans, i);
1058
if (alt_name->type == GEN_DNS) {
1062
dns_san = (char *) ASN1_STRING_data(alt_name->d.ia5);
1063
dns_sanlen = strlen(dns_san);
1065
/* Check for subjectAltName values which contain embedded NULs.
1066
* This can cause verification problems (spoofing), e.g. if the
1067
* string is "www.goodguy.com\0www.badguy.com"; the use of strcmp()
1068
* only checks "www.goodguy.com".
1071
if (ASN1_STRING_length(alt_name->d.ia5) != dns_sanlen) {
1072
tls_log("%s", "cert dNSName SAN contains embedded NULs, "
1073
"rejecting as possible spoof attempt");
1074
tls_log("suspicious dNSName SAN value: '%s'",
1075
get_printable_subjaltname(p, dns_san,
1076
ASN1_STRING_length(alt_name->d.dNSName)));
1078
GENERAL_NAME_free(alt_name);
1079
sk_GENERAL_NAME_free(sans);
1083
if (strncasecmp(dns_name, dns_san, dns_sanlen + 1) == 0) {
1084
pr_trace_msg(trace_channel, 8,
1085
"found cert dNSName SAN matching '%s'", dns_name);
1089
pr_trace_msg(trace_channel, 9,
1090
"cert dNSName SAN '%s' did not match '%s'", dns_san, dns_name);
1094
GENERAL_NAME_free(alt_name);
1101
sk_GENERAL_NAME_free(sans);
1103
#endif /* OpenSSL-0.9.7 or later */
1108
static int tls_cert_match_ip_san(pool *p, X509 *cert, const char *ipstr) {
1110
STACK_OF(GENERAL_NAME) *sans;
1112
sans = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1114
register unsigned int i;
1115
int nsans = sk_GENERAL_NAME_num(sans);
1117
for (i = 0; i < nsans; i++) {
1118
GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(sans, i);
1120
if (alt_name->type == GEN_IPADD) {
1121
unsigned char *san_data = NULL;
1122
int have_ipstr = FALSE, san_datalen;
1124
char san_ipstr[INET6_ADDRSTRLEN + 1] = {'\0'};
1126
char san_ipstr[INET_ADDRSTRLEN + 1] = {'\0'};
1127
#endif /* PR_USE_IPV6 */
1129
san_data = ASN1_STRING_data(alt_name->d.ip);
1130
memset(san_ipstr, '\0', sizeof(san_ipstr));
1132
san_datalen = ASN1_STRING_length(alt_name->d.ip);
1133
if (san_datalen == 4) {
1135
snprintf(san_ipstr, sizeof(san_ipstr)-1, "%u.%u.%u.%u",
1136
san_data[0], san_data[1], san_data[2], san_data[3]);
1140
} else if (san_datalen == 16) {
1143
if (pr_inet_ntop(AF_INET6, san_data, san_ipstr,
1144
sizeof(san_ipstr)-1) == NULL) {
1145
tls_log("unable to convert cert iPAddress SAN value (length %d) "
1146
"to IPv6 representation: %s", san_datalen, strerror(errno));
1152
#endif /* PR_USE_IPV6 */
1154
pr_trace_msg(trace_channel, 3,
1155
"unsupported cert SAN ipAddress length (%d), ignoring",
1161
size_t san_ipstrlen;
1163
san_ipstrlen = strlen(san_ipstr);
1165
if (strncmp(ipstr, san_ipstr, san_ipstrlen + 1) == 0) {
1166
pr_trace_msg(trace_channel, 8,
1167
"found cert iPAddress SAN matching '%s'", ipstr);
1171
if (san_datalen == 16) {
1172
/* We need to handle the case where the iPAddress SAN might
1173
* have contained an IPv4-mapped IPv6 adress, and we're
1174
* comparing against an IPv4 address.
1176
if (san_ipstrlen > 7 &&
1177
strncasecmp(san_ipstr, "::ffff:", 7) == 0) {
1178
if (strncmp(ipstr, san_ipstr + 7, san_ipstrlen - 6) == 0) {
1179
pr_trace_msg(trace_channel, 8,
1180
"found cert iPAddress SAN '%s' matching '%s'",
1187
pr_trace_msg(trace_channel, 9,
1188
"cert iPAddress SAN '%s' did not match '%s'", san_ipstr, ipstr);
1194
GENERAL_NAME_free(alt_name);
1201
sk_GENERAL_NAME_free(sans);
1207
static int tls_cert_match_cn(pool *p, X509 *cert, const char *name,
1208
int allow_wildcards) {
1209
int matched = 0, idx = -1;
1210
X509_NAME *subj_name = NULL;
1211
X509_NAME_ENTRY *cn_entry = NULL;
1212
ASN1_STRING *cn_asn1 = NULL;
1213
char *cn_str = NULL;
1216
/* Find the position of the CommonName (CN) field within the Subject of
1219
subj_name = X509_get_subject_name(cert);
1220
if (subj_name == NULL) {
1221
pr_trace_msg(trace_channel, 12,
1222
"unable to check certificate CommonName against '%s': "
1223
"unable to get Subject", name);
1227
idx = X509_NAME_get_index_by_NID(subj_name, NID_commonName, -1);
1229
pr_trace_msg(trace_channel, 12,
1230
"unable to check certificate CommonName against '%s': "
1231
"no CommoName atribute found", name);
1235
cn_entry = X509_NAME_get_entry(subj_name, idx);
1236
if (cn_entry == NULL) {
1237
pr_trace_msg(trace_channel, 12,
1238
"unable to check certificate CommonName against '%s': "
1239
"error obtaining CommoName atribute found: %s", name, tls_get_errors());
1243
/* Convert the CN field to a string, by way of an ASN1 object. */
1244
cn_asn1 = X509_NAME_ENTRY_get_data(cn_entry);
1245
if (cn_asn1 == NULL) {
1246
X509_NAME_ENTRY_free(cn_entry);
1248
pr_trace_msg(trace_channel, 12,
1249
"unable to check certificate CommonName against '%s': "
1250
"error converting CommoName atribute to ASN.1: %s", name,
1255
cn_str = (char *) ASN1_STRING_data(cn_asn1);
1257
/* Check for CommonName values which contain embedded NULs. This can cause
1258
* verification problems (spoofing), e.g. if the string is
1259
* "www.goodguy.com\0www.badguy.com"; the use of strcmp() only checks
1260
* "www.goodguy.com".
1263
cn_len = strlen(cn_str);
1265
if (ASN1_STRING_length(cn_asn1) != cn_len) {
1266
X509_NAME_ENTRY_free(cn_entry);
1268
tls_log("%s", "cert CommonName contains embedded NULs, rejecting as "
1269
"possible spoof attempt");
1270
tls_log("suspicious CommonName value: '%s'",
1271
get_printable_subjaltname(p, (const char *) cn_str,
1272
ASN1_STRING_length(cn_asn1)));
1276
/* Yes, this is deliberately a case-insensitive comparison. Most CNs
1277
* contain a hostname (case-insensitive); if they contain an IP address,
1278
* the case-insensitivity won't hurt anything. In fact, it's needed for
1279
* e.g. IPv6 addresses.
1281
if (strncasecmp(name, cn_str, cn_len + 1) == 0) {
1288
/* XXX Implement wildcard checking. */
1291
X509_NAME_ENTRY_free(cn_entry);
1295
static int tls_check_client_cert(SSL *ssl, conn_t *conn) {
1026
1296
X509 *cert = NULL;
1027
unsigned char ok = FALSE, have_cn = FALSE, have_dns_ext = FALSE,
1028
have_ipaddr_ext = FALSE;
1297
unsigned char have_cn = FALSE, have_dns_ext = FALSE, have_ipaddr_ext = FALSE;
1030
1300
/* Only perform these more stringent checks if asked to verify clients. */
1031
if (!(tls_flags & TLS_SESS_VERIFY_CLIENT))
1301
if (!(tls_flags & TLS_SESS_VERIFY_CLIENT)) {
1034
1305
/* Only perform these checks is configured to do so. */
1035
1306
if (!(tls_opts & TLS_OPT_VERIFY_CERT_FQDN) &&
1036
1307
!(tls_opts & TLS_OPT_VERIFY_CERT_IP_ADDR) &&
1037
1308
!(tls_opts & TLS_OPT_VERIFY_CERT_CN)) {
1041
/* Note: this should _never_ return NULL in this case. */
1042
1312
cert = SSL_get_peer_certificate(ssl);
1314
/* This can be null in the case where some anonymous (insecure)
1315
* cipher suite was used.
1317
tls_log("unable to verify '%s': client did not provide certificate",
1322
/* Check the DNS SANs if configured. */
1323
if (tls_opts & TLS_OPT_VERIFY_CERT_FQDN) {
1326
matched = tls_cert_match_dns_san(conn->pool, cert, conn->remote_name);
1328
tls_log("client cert dNSName SANs do not match remote name '%s'",
1333
tls_log("client cert dNSName SAN matches remote name '%s'",
1335
have_dns_ext = TRUE;
1340
/* Check the IP SANs, if configured. */
1341
if (tls_opts & TLS_OPT_VERIFY_CERT_IP_ADDR) {
1344
matched = tls_cert_match_ip_san(conn->pool, cert,
1345
pr_netaddr_get_ipstr(conn->remote_addr));
1347
tls_log("client cert iPAddress SANs do not match client IP '%s'",
1348
pr_netaddr_get_ipstr(conn->remote_addr));
1352
tls_log("client cert iPAddress SAN matches client IP '%s'",
1353
pr_netaddr_get_ipstr(conn->remote_addr));
1354
have_ipaddr_ext = TRUE;
1044
1359
/* Check the CN (Common Name) if configured. */
1045
1360
if (tls_opts & TLS_OPT_VERIFY_CERT_CN) {
1048
/* This does NOT increment a reference counter, thus we do NOT want
1049
* call X509_NAME_free() on the returned pointer.
1051
sn = X509_get_subject_name(cert);
1053
STACK_OF(X509_NAME_ENTRY) *sk_name_ents;
1054
register unsigned int i;
1057
/* XXX I don't like this direct access to the entries member */
1058
sk_name_ents = sn->entries;
1059
nents = sk_X509_NAME_ENTRY_num(sk_name_ents);
1061
for (i = 0; i < nents; i++) {
1062
X509_NAME_ENTRY *ent;
1065
ent = sk_X509_NAME_ENTRY_value(sk_name_ents, i);
1067
nid = OBJ_obj2nid((ASN1_OBJECT *) X509_NAME_ENTRY_get_object(ent));
1068
if (nid == NID_commonName) {
1074
/* XXX I don't like these direct accesses to the data and length
1077
ptr = (const char *) ent->value->data;
1078
len = ent->value->length;
1080
/* Check for CommonName values which contain embedded NULs. This
1081
* can cause verification problems (spoofing), e.g. if the string is
1082
* "www.goodguy.com\0www.badguy.com"; the use of strcmp() only checks
1083
* "www.goodguy.com".
1086
if (len != strlen(ptr)) {
1087
tls_log("%s", "client cert CommonName contains embedded NULs, "
1088
"rejecting as possible spoof attempt");
1089
tls_log("suspicious CommonName value: '%s'",
1090
get_printable_subjaltname(conn->pool, (const char *) ptr, len));
1092
X509_NAME_ENTRY_free(ent);
1096
if (strcmp(ptr, conn->remote_name) != 0) {
1097
tls_log("client cert CommonName value '%s' != client FQDN '%s'",
1098
ptr, conn->remote_name);
1100
X509_NAME_ENTRY_free(ent);
1105
tls_log("%s", "client cert CommonName matches client FQDN");
1115
/* Next, check the subjectAltName X509v3 extensions, as is proper, for
1116
* the IP address and FQDN.
1118
if ((tls_opts & TLS_OPT_VERIFY_CERT_IP_ADDR) ||
1119
(tls_opts & TLS_OPT_VERIFY_CERT_FQDN)) {
1120
STACK_OF(GENERAL_NAME) *sk_alt_names;
1122
sk_alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1124
register unsigned int i;
1125
int nnames = sk_GENERAL_NAME_num(sk_alt_names);
1127
for (i = 0; i < nnames; i++) {
1128
GENERAL_NAME *name = sk_GENERAL_NAME_value(sk_alt_names, i);
1130
/* Only interested in the DNS and IP address types right now. */
1131
switch (name->type) {
1133
if (tls_opts & TLS_OPT_VERIFY_CERT_FQDN) {
1134
const char *cert_dns_name = (const char *) name->d.ia5->data;
1135
have_dns_ext = TRUE;
1137
/* Check for subjectAltName values which contain embedded
1138
* NULs. This can cause verification problems (spoofing),
1139
* e.g. if the string is "www.goodguy.com\0www.badguy.com"; the
1140
* use of strcmp() only checks "www.goodguy.com".
1143
if ((size_t) name->d.ia5->length != strlen(cert_dns_name)) {
1144
tls_log("%s", "client cert dNSName contains embedded NULs, "
1145
"rejecting as possible spoof attempt");
1146
tls_log("suspicious dNSName value: '%s'",
1147
get_printable_subjaltname(conn->pool,
1148
(const char *) name->d.ia5->data,
1149
(size_t) name->d.ia5->length));
1151
GENERAL_NAME_free(name);
1152
sk_GENERAL_NAME_free(sk_alt_names);
1157
if (strcmp(cert_dns_name, conn->remote_name) != 0) {
1158
tls_log("client cert dNSName value '%s' != client FQDN '%s'",
1159
cert_dns_name, conn->remote_name);
1161
GENERAL_NAME_free(name);
1162
sk_GENERAL_NAME_free(sk_alt_names);
1168
tls_log("%s", "client cert dNSName matches client FQDN");
1175
if (tls_opts & TLS_OPT_VERIFY_CERT_IP_ADDR) {
1176
pr_netaddr_t *cert_addr;
1177
unsigned char *cert_data, ipv6_reqd = FALSE;
1178
const char *rep = NULL;
1181
char cert_ipstr[INET6_ADDRSTRLEN + 1] = {'\0'};
1183
char cert_ipstr[INET_ADDRSTRLEN + 1] = {'\0'};
1184
#endif /* PR_USE_IPV6 */
1186
cert_data = name->d.ip->data;
1187
memset(cert_ipstr, '\0', sizeof(cert_ipstr));
1189
if (name->d.ip->length == 4) {
1191
snprintf(cert_ipstr, sizeof(cert_ipstr)-1, "%d.%d.%d.%d",
1192
cert_data[0], cert_data[1], cert_data[2], cert_data[3]);
1195
} else if (name->d.ip->length == 16) {
1197
/* Make sure that IPv6 support is enabled, at least for the
1198
* scope of these checks, if necessary.
1200
if (pr_netaddr_use_ipv6() == FALSE) {
1204
rep = pr_inet_ntop(AF_INET6, cert_data, cert_ipstr,
1205
sizeof(cert_ipstr)-1);
1207
tls_log("unable to convert client cert iPAddress value "
1208
"(length %d) to IPv6 representation: %s",
1209
name->d.ip->length, strerror(errno));
1211
GENERAL_NAME_free(name);
1212
sk_GENERAL_NAME_free(sk_alt_names);
1216
#endif /* PR_USE_IPV6 */
1219
/* Malformed IP address SubjectAltName extension. */
1220
tls_log("unexpected client cert iPAddress value length (%d)",
1221
name->d.ip->length);
1223
GENERAL_NAME_free(name);
1224
sk_GENERAL_NAME_free(sk_alt_names);
1229
have_ipaddr_ext = TRUE;
1232
pr_netaddr_enable_ipv6();
1235
cert_addr = pr_netaddr_get_addr(session.pool, cert_ipstr, NULL);
1236
if (cert_addr == NULL) {
1238
pr_netaddr_disable_ipv6();
1241
tls_log("unable to resolve client cert iPAddress value "
1242
"'%s' to address: %s", cert_ipstr, strerror(errno));
1244
GENERAL_NAME_free(name);
1245
sk_GENERAL_NAME_free(sk_alt_names);
1250
res = pr_netaddr_cmp(cert_addr, conn->remote_addr);
1253
pr_netaddr_disable_ipv6();
1257
tls_log("client cert iPAddress value '%s' != client IP '%s'",
1258
cert_ipstr, pr_netaddr_get_ipstr(conn->remote_addr));
1260
GENERAL_NAME_free(name);
1261
sk_GENERAL_NAME_free(sk_alt_names);
1266
tls_log("client cert iPAddress matches client IP '%s'",
1267
pr_netaddr_get_ipstr(conn->remote_addr));
1277
GENERAL_NAME_free(name);
1280
sk_GENERAL_NAME_free(sk_alt_names);
1363
matched = tls_cert_match_cn(conn->pool, cert, conn->remote_name, TRUE);
1365
tls_log("client cert CommonName does not match client FQDN '%s'",
1370
tls_log("client cert CommonName matches client FQDN '%s'",
3876
static int tls_connect(conn_t *conn) {
3877
int blocking, res = 0, xerrno = 0;
3880
BIO *rbio = NULL, *wbio = NULL;
3883
tls_log("%s", "unable to start session: null SSL_CTX");
3887
ssl = SSL_new(ssl_ctx);
3889
tls_log("error: unable to start session: %s",
3890
ERR_error_string(ERR_get_error(), NULL));
3894
/* We deliberately set SSL_VERIFY_NONE here, so that we get to
3895
* determine how to handle the server cert verification result ourselves.
3897
SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
3899
/* This works with either rfd or wfd (I hope). */
3900
rbio = BIO_new_socket(conn->rfd, FALSE);
3901
wbio = BIO_new_socket(conn->rfd, FALSE);
3902
SSL_set_bio(ssl, rbio, wbio);
3904
/* If configured, set a timer for the handshake. */
3905
if (tls_handshake_timeout) {
3906
tls_handshake_timer_id = pr_timer_add(tls_handshake_timeout, -1,
3907
&tls_module, tls_handshake_timeout_cb, "SSL/TLS handshake");
3910
/* Make sure that TCP_NODELAY is enabled for the handshake. */
3911
pr_inet_set_proto_nodelay(conn->pool, conn, 1);
3915
blocking = tls_get_block(conn);
3917
/* Put the connection in non-blocking mode for the duration of the
3918
* SSL handshake. This lets us handle EAGAIN/retries better (i.e.
3919
* without spinning in a tight loop and consuming the CPU).
3921
pr_inet_set_nonblock(conn->pool, conn);
3924
pr_signals_handle();
3925
res = SSL_connect(ssl);
3931
/* Return the connection to blocking mode. */
3932
pr_inet_set_block(conn->pool, conn);
3936
const char *msg = "unable to connect using TLS connection";
3937
int errcode = SSL_get_error(ssl, res);
3939
pr_signals_handle();
3941
if (tls_handshake_timed_out) {
3942
tls_log("TLS negotiation timed out (%u seconds)", tls_handshake_timeout);
3943
tls_end_sess(ssl, PR_NETIO_STRM_DATA, 0);
3948
case SSL_ERROR_WANT_READ:
3949
tls_readmore(conn->rfd);
3952
case SSL_ERROR_WANT_WRITE:
3953
tls_writemore(conn->rfd);
3956
case SSL_ERROR_ZERO_RETURN:
3957
tls_log("%s: TLS connection closed", msg);
3960
case SSL_ERROR_WANT_X509_LOOKUP:
3961
tls_log("%s: needs X509 lookup", msg);
3964
case SSL_ERROR_SYSCALL: {
3965
/* Check to see if the OpenSSL error queue has info about this. */
3966
int xerrcode = ERR_get_error();
3968
if (xerrcode == 0) {
3969
/* The OpenSSL error queue doesn't have any more info, so we'll
3970
* examine the SSL_connect() return value itself.
3975
tls_log("%s: received EOF that violates protocol", msg);
3977
} else if (res == -1) {
3979
tls_log("%s: system call error: [%d] %s", msg, xerrno,
3984
tls_log("%s: system call error: %s", msg, tls_get_errors());
3991
tls_log("%s: protocol error: %s", msg, tls_get_errors());
3995
pr_event_generate("mod_tls.data-handshake-failed", &errcode);
3997
tls_end_sess(ssl, PR_NETIO_STRM_DATA, 0);
4001
/* Disable TCP_NODELAY, now that the handshake is done. */
4002
pr_inet_set_proto_nodelay(conn->pool, conn, 0);
4004
/* Disable the handshake timer. */
4005
pr_timer_remove(tls_handshake_timer_id, &tls_module);
4007
/* Manually update the raw bytes counters with the network IO from the
4010
session.total_raw_in += (BIO_number_read(rbio) +
4011
BIO_number_read(wbio));
4012
session.total_raw_out += (BIO_number_written(rbio) +
4013
BIO_number_written(wbio));
4015
/* Stash the SSL object in the pointers of the correct NetIO streams. */
4016
if (conn == session.d) {
4017
pr_buffer_t *strm_buf;
4019
tls_data_rd_nstrm->strm_data = tls_data_wr_nstrm->strm_data = (void *) ssl;
4021
/* Clear any data from the NetIO stream buffers which may have been read
4022
* in before the SSL/TLS handshake occurred (Bug#3624).
4024
strm_buf = tls_data_rd_nstrm->strm_buf;
4025
if (strm_buf != NULL) {
4026
strm_buf->current = NULL;
4027
strm_buf->remaining = strm_buf->buflen;
4031
#if OPENSSL_VERSION_NUMBER == 0x009080cfL
4032
/* In OpenSSL-0.9.8l, SSL session renegotiations are automatically
4033
* disabled. Thus if the admin explicitly configured support for
4034
* client-initiated renegotations via the AllowClientRenegotiations
4035
* TLSOption, then we need to do some hackery to enable renegotiations.
4037
if (tls_opts & TLS_OPT_ALLOW_CLIENT_RENEGOTIATIONS) {
4038
ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
4042
subj = tls_get_subj_name(ssl);
4044
tls_log("Server: %s", subj);
4047
if (tls_check_server_cert(ssl, conn) < 0) {
4048
tls_end_sess(ssl, PR_NETIO_STRM_DATA, 0);
4052
tls_log("%s connection created, using cipher %s (%d bits)",
4053
SSL_get_cipher_version(ssl), SSL_get_cipher_name(ssl),
4054
SSL_get_cipher_bits(ssl, NULL));
3547
4059
static void tls_cleanup(int flags) {
3549
4061
tls_sess_cache_close();
6296
6821
/* Enforce the "data" part of TLSRequired, if configured. */
6297
6822
if (tls_required_on_data == 1 ||
6298
6823
(tls_flags & TLS_SESS_NEED_DATA_PROT)) {
6299
X509 *ctrl_cert = NULL, *data_cert = NULL;
6301
tls_log("%s", "starting TLS negotiation on data connection");
6302
tls_data_need_init_handshake = TRUE;
6303
if (tls_accept(session.d, TRUE) < 0) {
6304
tls_log("%s", "unable to open data connection: TLS negotiation failed");
6305
session.d->xerrno = EPERM;
6309
/* Make sure that the certificate used, if any, for this data channel
6310
* handshake is the same as that used for the control channel handshake.
6311
* This may be too strict of a requirement, though.
6825
/* XXX How to force 421 response code for failed secure FXP/SSCN? */
6827
/* Directory listings (LIST, MLSD, NLST) are ALWAYS handled in server
6828
* mode, regardless of SSCN mode.
6313
ctrl_cert = SSL_get_peer_certificate(ctrl_ssl);
6314
data_cert = SSL_get_peer_certificate((SSL *) nstrm->strm_data);
6316
if (ctrl_cert && data_cert) {
6317
if (X509_cmp(ctrl_cert, data_cert)) {
6318
X509_free(ctrl_cert);
6319
X509_free(data_cert);
6321
/* Properly shutdown the SSL session. */
6322
tls_end_sess((SSL *) nstrm->strm_data, nstrm->strm_type, 0);
6324
tls_data_rd_nstrm->strm_data = tls_data_wr_nstrm->strm_data =
6325
nstrm->strm_data = NULL;
6327
tls_log("%s", "unable to open data connection: control/data "
6328
"certificate mismatch");
6330
session.d->xerrno = EPERM;
6830
if (session.curr_cmd_id == PR_CMD_LIST_ID ||
6831
session.curr_cmd_id == PR_CMD_MLSD_ID ||
6832
session.curr_cmd_id == PR_CMD_NLST_ID ||
6833
tls_sscn_mode == TLS_SSCN_MODE_SERVER) {
6834
X509 *ctrl_cert = NULL, *data_cert = NULL;
6836
tls_log("%s", "starting TLS negotiation on data connection");
6837
tls_data_need_init_handshake = TRUE;
6838
if (tls_accept(session.d, TRUE) < 0) {
6840
"unable to open data connection: TLS negotiation failed");
6841
session.d->xerrno = EPERM;
6845
/* Make sure that the certificate used, if any, for this data channel
6846
* handshake is the same as that used for the control channel handshake.
6847
* This may be too strict of a requirement, though.
6849
ctrl_cert = SSL_get_peer_certificate(ctrl_ssl);
6850
data_cert = SSL_get_peer_certificate((SSL *) nstrm->strm_data);
6852
if (ctrl_cert != NULL &&
6853
data_cert != NULL) {
6854
if (X509_cmp(ctrl_cert, data_cert)) {
6855
X509_free(ctrl_cert);
6856
X509_free(data_cert);
6858
/* Properly shutdown the SSL session. */
6859
tls_end_sess((SSL *) nstrm->strm_data, nstrm->strm_type, 0);
6861
tls_data_rd_nstrm->strm_data = tls_data_wr_nstrm->strm_data =
6862
nstrm->strm_data = NULL;
6864
tls_log("%s", "unable to open data connection: control/data "
6865
"certificate mismatch");
6867
session.d->xerrno = EPERM;
6872
X509_free(ctrl_cert);
6875
X509_free(data_cert);
6878
} else if (tls_sscn_mode == TLS_SSCN_MODE_CLIENT) {
6879
tls_log("%s", "making TLS connection for data connection");
6880
if (tls_connect(session.d) < 0) {
6882
"unable to open data connection: TLS connection failed");
6883
session.d->xerrno = EPERM;
6335
6888
#if OPENSSL_VERSION_NUMBER < 0x0090702fL
6336
6889
/* Make sure blinding is turned on. (For some reason, this only seems